Websploit Cloudflare Resolver module

Websploit is an open-source tool for carrying out web-based attacks. It is a framework that can be used for various purposes, such as scanning, spoofing, and exploitation. One of the modules in Websploit is the Cloudflare Resolver module, which is designed to bypass Cloudflare’s security measures and reveal the true IP address of a website that is protected by Cloudflare.

In this tutorial we will test and use the Cloudflare Resolver module in Websploit on Kali Linux. Cloudflare is a company that provides a content delivery network and distributed DNS (Domain Name System) services, sitting between the visitor and the hosting provider of the Cloudflare user. This way Cloudflare acts as a reverse proxy for websites and claims to protect, speed up, optimize and improve availability for a website. Cloudflare also provides advanced DDoS protection for a website, including against attacks targeting the UDP and ICMP protocols. Cloudflare claims to protect more than 2 million websites at the time of writing. The Websploit Cloudflare Resolver module claims to resolve the original IP address of the server protected by Cloudflare.

Cloudflare is a company that provides security and performance services for websites. It offers a variety of features, including a content delivery network (CDN), a distributed Domain Name System (DNS) service, and a web application firewall (WAF). One of the main ways Cloudflare protects websites is by acting as a reverse proxy, which means that it sits between the client (e.g., a user’s web browser) and the server (e.g., the website’s host). When a client makes a request to a website, the request goes to Cloudflare first, and Cloudflare then forwards the request to the server. This helps to protect the server from various types of attacks, such as DDoS (distributed denial of service) attacks, and also helps to improve the performance of the website by caching content and serving it from servers that are closer to the client.

The Cloudflare Resolver module in Websploit is designed to bypass this security measure by attempting to find the true IP address of a website that is protected by Cloudflare. This is typically done by using techniques such as DNS spoofing or by exploiting vulnerabilities in the Cloudflare infrastructure. It is important to note that using this module or any other tool to bypass Cloudflare’s security measures is generally not recommended, as it can potentially be illegal and can also cause harm to the website or its owner. If you have a legitimate reason for needing to determine the true IP address of a website, it is recommended to contact the website’s owner or hosting provider for assistance.

Websploit Cloudflare Resolver Tutorial

Open a terminal and start websploit with the following command:

websploit

Use the following command to show an overview of the available modules, from which we will select the Websploit Cloudflare Resolver module:

show modules

Use the following command to select the cloudflare_resolver module so we can configure its parameters:

use web/cloudflare_resolver

Type the following command to show the available options for the Websploit Cloudflare Resolver module:

show options

We need to specify a hostname as the target.

We will use the following command to set a target:

set target [hostname]

Now type the run command to run the Websploit Cloudflare Resolver module against the specified target.

Hackingtutorials.org is not using Cloudflare so it will display the webserver’s real IP address. I tried this module on a couple of websites using Cloudflare and it mostly returns the Cloudflare IP address. This module does return the IP addresses for subdomains, and sometimes this gives you useful information and non-Cloudflare IP addresses, but this could also be done by a simple ping on subdomains.